OSV:GHSA-3FMQ-X9Q6-WM39
May 17, 2024 - 11:27 p.m.

random_compat Uses insecure CSPRNG

2024-05-17 23:27:19
Google
osv.dev
insecure csprng
random_compat
openssl_random_pseudo_bytes
security vulnerability

AI Score: 7 High (Confidence: Low)

random_compat versions prior to 2.0 are affected by a security vulnerability related to the insecure usage of Cryptographically Secure Pseudo-Random Number Generators (CSPRNG). The affected versions use openssl_random_pseudo_bytes(), which may result in insufficient entropy and compromise the security of generated random numbers.
